Verdict: MALICIOUS
Risk Score: 160
Malware Insights
MITRE ATT&CK:
- T1203 Exploitation for Client Execution
- T1566.001 Spearphishing Attachment
ClamAV identifies the file as a malicious RTF dropper and additionally flags an exploit for CVE-2015-1641. The presence of OLE object data further indicates embedded malicious content. Taken together, this suggests the document is designed to exploit a client-side vulnerability in order to download and execute a secondary payload, and that it was most likely delivered via spearphishing.
Heuristics (3)
- ClamAV: Rtf.Dropper.Agent-1817350 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Rtf.Dropper.Agent-1817350
- OLE object data (medium, RTF_OBJDATA): RTF contains 2 \objdata section(s), i.e. embedded OLE objects
- Embedded OLE object (medium, RTF_OBJEMB): RTF contains \objemb, an embedded OLE object
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| objdata_00_off00000072.bin | rtf-objdata-decoded | RTF \objdata at offset 0x72 | 2614 bytes | bfd3610398fd1b19acbdcec337c59bf7b76f27fb18fa556d0e1dcef44295e9d4 |
| objdata_01_off000015e5.bin | rtf-objdata-decoded | RTF \objdata at offset 0x15E5 | 55869 bytes | 39d0213ba46bf478ea979a713187d6c9a038329e1544d9e3484d26e598cd0c89 |

Detection
- ClamAV: Doc.Exploit.CVE_2015_1641-6397417-0
- Obfuscation or payload: unlikely